Check Point Certified Security Administrator v9.0 (156-215.77)

Page:    1 / 24   
Total 358 questions

You enable Hide NAT on the network object 10.1.1.0, behind the Security Gateway's external interface. You browse to the Google Website from host 10.1.1.10 successfully.
You enable a log on the rule that allows 10.1.1.0 to exit the network. How many log entries do you see for that connection in SmartView Tracker?

  • A. Two, one for outbound, one for inbound
  • B. Only one, outbound
  • C. Two, both outbound, one for the real IP connection and one for the NAT IP connection
  • D. Only one, inbound


Answer : B

A digital signature:

  • A. Guarantees the authenticity and integrity of a message.
  • B. Automatically exchanges shared keys.
  • C. Decrypts data to its original form.
  • D. Provides a secure key exchange mechanism over the Internet.


Answer : A

Your perimeter Security Gateway's external IP is 200.200.200.3. Your network diagram shows:


Required. Allow only network 192.168.10.0 and 192.168.20.0 to go out to the Internet, using 200.200.200.5.
The local network 192.168.1.0/24 needs to use 200.200.200.3 to go out to the Internet.
Assuming you enable all the settings in the NAT page of Global Properties, how could you achieve these requirements?

  • A. Create network objects for 192.168.10.0/24 and 192.168.20.0/24. Enable Hide NAT on both network objects, using 200.200.200.5 as hiding IP address. Add an ARP entry for 200.200.200.3 for the MAC address of 200.200.200.5.
  • B. Create an Address Range object, starting from 192.168.10.1 to 192.168.20.254. Enable Hide NAT on the NAT page of the address range object. Enter Hiding IP address 200.200.200.5. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
  • C. Create a network object 192.168.0.0/16. Enable Hide NAT on the NAT page. Enter 200.200.200.5 as the hiding IP address. Add an ARP entry for 200.200.200.5 for the MAC address of 200.200.200.3.
  • D. Create two network objects: 192.168.10.0/24 and 192.168.20.0/24. Add the two network objects to a group object. Create a manual NAT rule like the following: Original source - group object; Destination - any; Service - any; Translated source - 200.200.200.5; Destination - original; Service - original.


Answer : B

Which R77 SmartConsole tool would you use to verify the installed Security Policy name on a Security Gateway?

  • A. SmartView Tracker
  • B. None, SmartConsole applications only communicate with the Security Management Server.
  • C. SmartView Server
  • D. SmartUpdate


Answer : A

A host on the Internet initiates traffic to the Static NAT IP of your Web server behind the Security Gateway. With the default settings in place for NAT, the initiating packet will translate the _________.

  • A. destination on server side
  • B. source on server side
  • C. source on client side
  • D. destination on client side


Answer : D

Which Check Point address translation method is necessary if you want to connect from a host on the Internet via HTTP to a server with a reserved (RFC 1918) IP address on your DMZ?

  • A. Dynamic Source Address Translation
  • B. Hide Address Translation
  • C. Port Address Translation
  • D. Static Destination Address Translation


Answer : D

How can you configure an application to automatically launch on the Security Management Server when traffic is dropped or accepted by a rule in the Security Policy?

  • A. SNMP trap alert script
  • B. Custom scripts cannot be executed through alert scripts.
  • C. User-defined alert script
  • D. Pop-up alert script


Answer : C

You just installed a new Web server in the DMZ that must be reachable from the Internet. You create a manual Static NAT rule as follows:
Source: Any || Destination: web_public_IP || Service: Any || Translated Source: original || Translated Destination: web_private_IP || Service: Original
"web_public_IP" is the node object that represents the new Web server's public IP address. "web_private_IP" is the node object that represents the new Web site's private IP address. You enable all settings from Global Properties > NAT.
When you try to browse the Web server from the Internet you see the error "page cannot be displayed". Which of the following is NOT a possible reason?

  • A. There is no Security Policy defined that allows HTTP traffic to the protected Web server.
  • B. There is no ARP table entry for the protected Web server’s public IP address.
  • C. There is no route defined on the Security Gateway for the public IP address to the Web server's private IP address.
  • D. There is no NAT rule translating the source IP address of packets coming from the protected Web server.


Answer : A

Static NAT connections, by default, translate on which firewall kernel inspection point?

  • A. Inbound
  • B. Outbound
  • C. Post-inbound
  • D. Eitherbound


Answer : A

Which of the following can be found in cpinfo from an enforcement point?

  • A. Everything NOT contained in the file r2info
  • B. VPN keys for all established connections to all enforcement points
  • C. The complete file objects_5_0.c
  • D. Policy file information specific to this enforcement point


Answer : D

The fw monitor utility is used to troubleshoot which of the following problems?

  • A. Phase two key negotiation
  • B. Address translation
  • C. Log Consolidation Engine
  • D. User database corruption


Answer : B

Which of the following is a hash algorithm?

  • A. 3DES
  • B. IDEA
  • C. DES
  • D. MD5


Answer : D

Which Check Point address translation method allows an administrator to use fewer ISP-assigned IP addresses than the number of internal hosts requiring Internet connectivity?

  • A. Hide
  • B. Static Destination
  • C. Static Source
  • D. Dynamic Destination


Answer : A

After implementing Static Address Translation to allow Internet traffic to an internal Web Server on your DMZ, you notice that any NATed connections to that machine are being dropped by anti-spoofing protections. Which of the following is the MOST LIKELY cause?

  • A. The Global Properties setting Translate destination on client side is unchecked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Check the Global Properties setting Translate destination on client side.
  • B. The Global Properties setting Translate destination on client side is unchecked. But the topology on the external interface is set to Others +. Change topology to External.
  • C. The Global Properties setting Translate destination on client side is checked. But the topology on the external interface is set to External. Change topology to Others +.
  • D. The Global Properties setting Translate destination on client side is checked. But the topology on the DMZ interface is set to Internal - Network defined by IP and Mask. Uncheck the Global Properties setting Translate destination on client side.


Answer : A

Exhibit:


You plan to create a backup of the rules, objects, policies, and global properties from an R77 Security Management Server. Which of the following backup and restore solutions can you use?

  • A. 2, 4, and 5
  • B. 1, 2, 3, 4, and 5
  • C. 1, 2, and 3
  • D. 1, 3, and 4


Answer : C
